The future of online user authentication is ... graphics cards?

According to the European PUFFIN project, uniquely identifiable computer hardware, such as graphic cards, could be used for online user authentication applications (Photo: Shutterstock)

The anonymity of the internet is both a blessing and a curse. Not only does it make it easy to pretend you’re someone else and live out a harmless fantasy online, it also makes it relatively easy for someone else to pretend they’re you and run up a hefty credit card bill or the like with nothing but a few key pieces of personally identifiable information. European researchers propose a more secure form of online user authentication that uses common computer hardware to identify specific users.

The researchers from the “Physically unclonable functions found in standard PC components” (PUFFIN) project say that seemingly identical graphics processors commonly used for gaming actually contain unique “fingerprints” that allows them to be differentiated from each other. Known as a physical unclonable function (PUF), these minute and uncontrollable manufacturing differences can be detected by software, allowing a particular graphics card to be linked to a specific user account.

The PUFFIN researchers say that one of the advantages of using such a technique to help prevent online identity theft is that the extra security feature could be implemented on existing hardware and rolled out to users via a software update.

With potential benefits including online user authentication, the ability to encrypt disks without the need for users to remember long passwords, and the ability to protect valuable electronic components against counterfeiting, the researchers are now looking for similar manufacturing differences in other hardware, including CPUs, PCI connectors and mobile phones.

With a total budget of €1.3 million (approx. US$1.67 million), the PUFFIN project is due to run until February 2015.